<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Fixes you need after upgrading Debian from 9 to 10</title>
        <link rel="stylesheet" type="text/css" href="./css/markdown.css" />
    </head>
    <body>

    <div id="navigation">
    <a href="https://www.iredmail.org" target="_blank">
        <img alt="iRedMail web site"
             src="./images/logo-iredmail.png"
             style="vertical-align: middle; height: 30px;"
             />&nbsp;
        <span>iRedMail</span>
    </a>
    &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="fixes-you-need-after-upgrading-debian-from-9-to-10">Fixes you need after upgrading Debian from 9 to 10</h1>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Check out the lightweight on-premises email archiving software developed by iRedMail team: <a href="https://spiderd.io/">Spider Email Archiver</a>.</p>
</div>
<div class="toc">
<ul>
<li><a href="#fixes-you-need-after-upgrading-debian-from-9-to-10">Fixes you need after upgrading Debian from 9 to 10</a><ul>
<li><a href="#postfix">Postfix</a></li>
<li><a href="#dovecot">Dovecot</a></li>
<li><a href="#clamav">ClamAV</a></li>
<li><a href="#php">PHP</a></li>
<li><a href="#sogo-groupware">SOGo Groupware</a></li>
</ul>
</li>
</ul>
</div>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>This is still a DRAFT document, it may miss some other important changes.</p>
</div>
<h2 id="postfix">Postfix</h2>
<ul>
<li>If you're running MySQL/MariaDB or PostgreSQL backend, you need to remove
  parameter <code>port =</code> in <code>/etc/postfix/mysql/*.cf</code> (MySQL/MariaDB backend) or
  <code>/etc/postfix/pgsql/*.cf</code> (PostgreSQL backend).</li>
</ul>
<h2 id="dovecot">Dovecot</h2>
<p>Changes required to be made in Dovecot main config file <code>/etc/dovecot/dovecot.conf</code>:</p>
<ul>
<li>Remove all <code>postmaster_address =</code>.</li>
<li>Remove parameter <code>ssl_protocols =</code>.</li>
<li>Add new parameter <code>ssl_min_protocol</code> like this:</li>
</ul>
<pre><code>ssl_min_protocol = TLSv1.2
</code></pre>
<p>Note: If your end users run old mail client applications, it may not support
TLSv1.2, you may want to use weaker one like <code>TLSv1.1</code>, <code>TLSv1</code> instead.</p>
<ul>
<li>Add new parameter <code>ssl_dh</code> and load existing file:<ul>
<li>on CentOS, it's <code>/etc/pki/tls/dh2048_param.pem</code></li>
<li>on Debian/Ubuntu, FreeBSD, OpenBSD, it's <code>/etc/ssl/dh2048_param.pem</code></li>
</ul>
</li>
</ul>
<pre><code>ssl_dh = &lt;/etc/ssl/dh2048_param.pem
</code></pre>
<ul>
<li>If you have plugin <code>stats</code> enabled, you need to rename it:</li>
</ul>
<table>
<thead>
<tr>
<th>Old</th>
<th>New</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>mail_plugins = ... stats</code></td>
<td><code>mail_plugins = ... old_stats</code></td>
</tr>
<tr>
<td><code>protocol imap { mail_plugins = ... imap_stats }</code></td>
<td><code>protocol imap { mail_plugins = ... imap_old_stats}</code></td>
</tr>
<tr>
<td><code>service stats {}</code></td>
<td><code>service old-stats {}</code><br/>Warning: It's a dash (<code>-</code>), not underscore (<code>_</code>).</td>
</tr>
<tr>
<td><code>fifo_listener stats-mail</code></td>
<td><code>fifo_listener old-stats-mail</code><br/>Warning: It's a dash (<code>-</code>), not underscore (<code>_</code>).</td>
</tr>
<tr>
<td><code>fifo_listener stats-user</code></td>
<td><code>fifo_listener old-stats-user</code><br/>Warning: It's a dash (<code>-</code>), not underscore (<code>_</code>).</td>
</tr>
<tr>
<td><code>unix_listener stats</code></td>
<td><code>unix_listener old-stats</code><br/>Warning: It's a dash (<code>-</code>), not underscore (<code>_</code>).</td>
</tr>
<tr>
<td><code>plugin { stats_refresh = ... }</code></td>
<td><code>plugin { old_stats_refresh = ...}</code></td>
</tr>
<tr>
<td><code>plugin { stats_track_cmds = ...}</code></td>
<td><code>plugin { old_stats_track_cmds = ...}</code></td>
</tr>
</tbody>
</table>
<p>Inside <code>service old-status {}</code> block, please add new content:</p>
<pre><code>    unix_listener old-stats-reader {
        user = vmail
        group = vmail
        mode = 0660
    }
    unix_listener old-stats-writer {
        user = vmail
        group = vmail
        mode = 0660
    }
</code></pre>
<p>If you get this kind of error in your mail.log:</p>
<pre><code>Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission deni))
</code></pre>
<p>You may be able to fix it by adding the new service stats configuration to /etc/dovecot/dovecot.conf.  See <a href="https://forum.iredmail.org/topic15113-error-netconnectunixvarrundovecotstatswriter-failed.html">this</a> thread.  </p>
<pre><code>service stats {
    unix_listener stats-reader {
        user = vmail
        group = vmail
        mode = 0660
    }

    unix_listener stats-writer {
        user = vmail
        group = vmail
        mode = 0660
    }
}
</code></pre>
<p>Restart Dovecot service is required.</p>
<h2 id="clamav">ClamAV</h2>
<p>You may see errors like this in your mail.log:</p>
<pre><code>!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 114) 
</code></pre>
<p>The issue is that /etc/clamav/clamd.conf has deprecated entries preventing the daemon from starting. Comment/remove them:</p>
<pre><code>#DetectBrokenExecutables false
#ScanOnAccess false
#StatsEnabled false
#StatsPEDisabled true
#StatsHostID auto
#StatsTimeout 10
</code></pre>
<p>Restart the clamav-daemon service afterwards</p>
<h2 id="php">PHP</h2>
<p>Debian 9 offers PHP-5, but Debian 10 offers PHP-7.3, you have to upgrade php manually. </p>
<h2 id="sogo-groupware">SOGo Groupware</h2>
<p>Please replace <code>stretch</code> by <code>buster</code> in file
<code>/etc/apt/sources.list.d/sogo-nightly.repo</code>, then upgrade sogo packages.</p><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>